system virtual machine

Virtual machine

In computer science, a virtual machine (VM) is a software implementation of a machine (computer) that executes programs like a real machine.

Definitions

A virtual machine was originally defined by Popek and Goldberg as "an efficient, isolated duplicate of a real machine". Current use includes virtual machines which have no direct correspondence to any real hardware.

Example:
A program written in Java receives services from the Java Runtime Environment software by issuing commands from which the expected result is returned by the Java software. By providing these services to the program, the Java software is acting as a "virtual machine", taking the place of the operating system or hardware for which the program would ordinarily have had to have been specifically written.
Virtual machines are separated into two major categories, based on their use and degree of correspondence to any real machine. A system virtual machine provides a complete system platform which supports the execution of a complete operating system (OS). In contrast, a process virtual machine is designed to run a single program, which means that it supports a single process. An essential characteristic of a virtual machine is that the software running inside is limited to the resources and abstractions provided by the virtual machine -- it cannot break out of its virtual world.

System virtual machines

System virtual machines (sometimes called hardware virtual machines) allow the sharing of the underlying physical machine resources between different virtual machines, each running its own operating system. The software layer providing the virtualization is called a virtual machine monitor or hypervisor. A hypervisor can run on bare hardware (Type 1 or native VM) or on top of an operating system (Type 2 or hosted VM).

The main advantages of system VMs are:

multiple OS environments can co-exist on the same computer, in strong isolation from each other

the virtual machine can provide an instruction set architecture (ISA) that is somewhat different from that of the real machine

Multiple VMs each running their own operating system (called guest operating system) are frequently used in server consolidation, where different services that used to run on individual machines in order to avoid interference are instead run in separate VMs on the same physical machine. This use is frequently called quality-of-service isolation (QoS isolation).

The desire to run multiple operating systems was the original motivation for virtual machines, as it allowed time-sharing a single computer between several single-tasking OSes.

The guest OSes do not have to be all the same, making it possible to run different OSes on the same computer (e.g., Microsoft Windows and Linux, or older versions of an OS in order to support software that has not yet been ported to the latest version). The use of virtual machines to support different guest OSes is becoming popular in embedded systems; a typical use is to support a real-time operating system at the same time as a high-level OS such as Linux or Windows.

Another use is to sandbox an OS that is not trusted, possibly because it is a system under development. Virtual machines have other advantages for OS development, including better debugging access and faster reboots.

Alternative techniques such as Solaris Zones provides a level of isolation within a single operating system. This does not have isolation as complete as a VM, as kernel exploits in a single zone affect all zones, whereas kernel exploits in a VM do not affect other VMs on the host. Zones are not virtual machines, but an example of "operating-system virtualization". This includes other "virtual environments" (also called "virtual servers") such as Virtuozzo, FreeBSD Jails, Linux-VServer, chroot jail, and OpenVZ. These provide some form of encapsulation of processes within an operating system. These technologies have the advantage of being more resource-efficient than full virtualization; the disadvantage is that they can only run a single operating system and a single version/patch level of that operating system - so, for example, they cannot be used to run two applications, one of which only supports a newer OS version and the other only supporting an older OS version on the same hardware.

Process virtual machine

A process VM, sometimes called an application virtual machine, runs as a normal application inside an OS and supports a single process. It is created when that process is started and destroyed when it exits. Its purpose is to provide a platform-independent programming environment that abstracts away details of the underlying hardware or operating system, and allows a program to execute in the same way on any platform.

A special case of process VMs are systems that abstract over the communication mechanisms of a (potentially heterogeneous) computer cluster. Such a VM does not consist of a single process, but one process per physical machine in the cluster. They are designed to ease the task of programming parallel applications by letting the programmer focus on algorithms rather than the communication mechanisms provided by the interconnect and the OS. They do not hide the fact that communication takes place, and as such do not attempt to present the cluster as a single parallel machine.

Unlike other process VMs, these systems do not provide a specific programming language, but are embedded in an existing language; typically such a system provides bindings for several languages (e.g., C and FORTRAN). Examples are PVM (Parallel Virtual Machine) and MPI (Message Passing Interface). They are not strictly virtual machines, as the applications running on top still have access to all OS services, and are therefore not confined to the system model provided by the "VM".

Techniques

Emulation of the underlying raw hardware (native execution)

This approach is described as full virtualization of the hardware, and can be implemented using a Type 1 or Type 2 hypervisor. (A Type 1 hypervisor runs directly on the hardware; a Type 2 hypervisor runs on another operating system, such as Linux). Each virtual machine can run any operating system supported by the underlying hardware. Users can thus run two or more different "guest" operating systems simultaneously, in separate "private" virtual computers.

The pioneer system using this concept was IBM's CP-40, the first (1967) version of IBM's CP/CMS (1967-1972) and the precursor to IBM's VM family (1972-present). With the VM architecture, most users run a relatively simple interactive computing single-user operating system, CMS, as a "guest" on top of the VM control program (VM-CP). This approach kept the CMS design simple, as if it were running alone; the control program quietly provides multitasking and resource management services "behind the scenes". In addition to CMS, VM users can run any of the other IBM operating systems, such as MVS or z/OS. z/VM is the current version of VM, and is used to support hundreds or thousands of virtual machines on a given mainframe. Some installations use Linux for zSeries to run Web servers, where Linux runs as the operating system within many virtual machines.

Full virtualization is particularly helpful in operating system development, when experimental new code can be run at the same time as older, more stable, versions, each in a separate virtual machine. The process can even be recursive: IBM debugged new versions of its virtual machine operating system, VM, in a virtual machine running under an older version of VM, and even used this technique to simulate new hardware.

Emulation of a non-native system

Some virtual machines emulate hardware that only exists as a detailed specification. For example:

One of the first was the p-code machine specification, which allowed programmers to write Pascalprograms that would run on any computer running virtual machine software that correctly implemented the specification.

Open Firmware allows plug-in hardware to include boot-time diagnostics, configuration code, and device drivers that will run on any kind of CPU.

This technique allows diverse computers to run any software written to that specification; only the virtual machine software itself must be written separately for each type of computer on which it runs.

For example, Solaris Zones supports multiple guest OSes running under the same OS (such as Solaris 10). All guest OSes have to use the same kernel level and cannot run as different OS versions. Solaris Zones also requires that the host OS be a version of Solaris; other OSes from other manufacturers are not supported.

Another example is AIX, which provides the same technique under the name of Micro Partitioning.

The operating system level architecture has low overhead that helps to maximize efficient use of server resources. The virtualization introduces only a negligible overhead and allows running hundreds of virtual private servers on a single physical server. In contrast, approaches such as virtualisation (like VMware) and paravirtualization (like Xen or UML) cannot achieve such level of density, due to overhead of running multiple kernels. From the other side, operating system-level virtualization does not allow running different operating systems (i.e. different kernels), although different libraries, distributions etc. are possible.

Denali uses paravirtualisation to provide high-performance virtual machines on x86 computers. Denali's virtual machines support specialised minimal OSs for Internet services. The system can scale to thousands of virtual machines. Denali does not preserve the application binary interface (ABI), and so applications must be recompiled to run within a library operating system; in this sense it is similar to the Exokernel.

OKL4 uses the open-source L4 microkernel as a hypervisor to provide a high-performance virtualization solution for embedded systems.

Parallels provides virtualization of x86 for running unmodified PC operating systems. It also uses a lightweight hypervisor technology in order to improve security and to increase the efficiency. Parallels has become popular for its ability to run Windows as a guest under Mac OS X on the Apple-Intel architecture.

QEMU is a simulator based on a virtual machine, which gives it the ability to emulate a variety of guest CPU architectures on many different host platforms.

Virtuozzo replaces the hardware abstraction layer with a modified version enabling it to run with better performance of the OS, but forces all the VMs on a hardware box to all run the same OS, with some flexibility to support various Linux distributions on the same server. Currently they have a version for Windows 2003 and for Linux. OpenVZ is a related open-source project providing similar functionality for Linux.

VMware provides virtual machines for x86 that can run unmodified PC operating systems. The technology involved in doing this is complex and also incurs (sometimes significant) performance overheads with hosted VMware products (VM Server and Workstation). ESX server provides near-native performance and a fully virtualized option (along with para-virtualization of some hardware components). Xen trades running of existing operating systems for running modified (paravirtualized) operating systems with improved performance. Virtual Iron provides full OS compatibility for existing or new OSes with near-native performance without the performance trade-offs between paravirualization and binary translation.

Xen Virtualization system whose motivation differs from that of Denali in that it is intended to run a moderate number of full-featured operating systems, rather than a large number of specialised, lightweight ones.

KVM is a Linux kernel module that enables a modified QEMU program to use hardware virtualization.